FR2840747A1 - Biometric access authentication method wherein each time access is required a fingerprint sample is compared with a stored encrypted reference with the new fingerprint sample forming a new reference after a positive comparison - Google Patents


Info

Publication number: FR2840747A1
Authority: FR (France)
Prior art keywords: computer, key, new, access, encrypted
Legal status: Granted
Application number: FR0207125A
Other languages: French (fr)
Other versions: FR2840747B1 (en)
Inventor: Laurent Michel
Current Assignee: Individual
Original Assignee: Individual

Application filed by Individual
Priority to FR0207125A
Publication of FR2840747A1
Application granted
Publication of FR2840747B1
Expired - Fee Related (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Abstract

Method for checking an electronic signature in the form of a biometric fingerprint, whereby a fingerprint (EB) is recorded and analyzed to form a sample (ECH). The sample is compared (204) with a reference value that has been decrypted using a key requested from a server. If the comparison is positive, access is granted. The sample is then used to form a new encryption key, which is stored in the server together with the new encrypted reference value. The new encrypted reference is also stored locally.

Description


The present invention relates to an electronic signature of the user of a computer, used to check the access authorization of a given user or group of users to a computer, in particular for carrying out transactions. The electronic signature is the user's biometric print, and the computer, equipped with a biometric print sensor, is connected to a server.

Prior art

There are many electronic signature systems.

The problem with all existing systems lies in their greater or lesser degree of security, all the more so because they must comply with the regulations on protecting confidential personal information that has to be held in files.

The aim of the present invention is to develop an electronic signature system that offers very strong security guarantees for an authorized person's access to a computer in order to execute transactions, and that is also protected against any hacking attempt liable to collect confidential information while the transaction is executed over a network.

Object of the invention

To this end, the invention relates to an electronic signature of the type defined above, characterized in that:

A) at the first protected use of the computer:
- the authorized user's biometric print is captured with the biometric sensor associated with the computer,
- an identification number is assigned to the user,
- the biometric print is analyzed to determine its particular features (minutiae, X and Y points) and their relative positions in a coordinate system, to form a reference,
- an encryption key is formed by applying an encryption program to the reference,
- the reference is encrypted with the encryption key thus obtained, to form the encrypted reference,
- the captured print and the reference are erased,
- the encrypted reference is stored locally with the identification number,
- the key is sent to the server with the identification number,
- the key is erased from the computer;

B) at a subsequent access to the computer:
- the biometric print is captured,
- the print is analyzed and a sample is formed using the analysis program,
- a key request with the identification number is sent to the server, which returns the key associated with the identification number,
- the locally stored encrypted reference is decrypted with the key,
- the sample is compared with the decrypted reference:
  * if the comparison is positive, access authorization is granted and a new encryption key is formed and transmitted to the server under the same identification number, replacing the old key; with this new key the sample is encrypted and becomes an encrypted reference replacing the previous reference,
  * if the comparison is negative, access authorization is refused.

The electronic signature according to the invention has the advantage of respecting the confidentiality of the information about the authorized person, namely the biometric print, since this information is kept neither in the computer's memory nor anywhere else. Only two things are kept: on the one hand, the encryption key derived from the biometric print, which is recorded not in the computer to which access is to be authorized but on a server; and on the other hand, the encrypted reference, stored locally either in the computer or, indirectly, on a medium that the computer can read using peripheral equipment.

However, the encryption key cannot be used on its own. The same is true of the encrypted reference, which is useless unless it is decrypted. The security of the information is therefore ensured by storing it as complementary pieces of information (key, encrypted reference) in different places, each unusable in isolation.

The encryption key is unique because it is obtained from the biometric print or, more precisely, from the trace collected by a biometric print sensor. This trace reproduces the particular features of the print, for example, in the case of a fingerprint, the arches, loops and whorls that form the minutiae, that is, the particular points of the print such as the so-called X and Y points corresponding to the crossing or branching of ridges of the fingerprint. Even though the particular points of the print are unchanged, their position relative to the sensor can vary according to the part of the finger that the user presents, which is never exactly the same. Likewise, the force with which the user presses the finger and flattens it to a greater or lesser extent alters the trace of the fingerprint, which varies from one capture to the next, so that the relative position of the minutiae differs. Depending on how much the finger is flattened, the relative spacing of the minutiae can change across the width, along the length, or both.

Thus, after this new print, in its analyzed form called the sample, has been compared with the reference decrypted using the encryption key returned by the server and applied to the encrypted reference stored locally in the computer or on a medium it can read, the program checks whether the new print can be considered identical to the old one. This new print is also used to form an encryption key that incorporates random elements, and this encryption key differs from the previous one. The new encryption key is sent to the server without leaving any trace in the computer, and is kept there until the next access request. At the same time, this new encryption key is used to encrypt the sample accepted as the new reference for the biometric print, which is stored locally as the encrypted reference with the identification number. All other information and data, such as the captured print, the (unencrypted) reference and the encryption key, are erased from the computer.

Thus, at each request for authorization to access the computer, a new encryption key is formed for the next access operation, and this key cannot be deduced in any way from the previous key. The encryption key remains stored on the server until it is replaced by a new key.

This considerably increases the security of the signature, since even hacking the computer would at most yield only the key already used, which cannot be used a second time.

According to another advantageous feature, the encrypted reference is stored locally in the computer or on a medium directly readable by the computer (smart card, USB key, iButton). The information to be stored may be compressed before storage; it is then decompressed when read.

According to another advantageous feature, where several users are authorized to access the computer, each is identified by an identification number associated respectively with the successive encryption keys and encrypted references of each user.


According to another feature, the identification numbers NI(i) are stored in the computer and, when one of the authorized users requests access, after the user's biometric print EB has been captured, the computer uses the different identification numbers NI(i) in succession, each time requesting the associated encryption key from the server and performing the checks with this encryption key (decryption, comparison of the decrypted reference with the sample, formation of a new encryption key and a new encrypted reference and their storage, erasure of the old references, old keys and the reference used for the new encryption), or definitively refusing access if all the comparisons have been negative.

Thus, according to the above procedure, the authorized user or users of a given computer do not need to know their identification number, which also increases security.
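The enrollment, access and key-rotation steps, together with the trial of successive identification numbers NI(i), as an added Python example (not code from the patent). The tolerance-based matcher, the key derivation (SHA-256 over fresh random bytes plus the reference), the hash-based cipher standing in for a real authenticated cipher, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: minutiae as (x, y) points; *_AGAIN are later captures.
ALICE = [(10, 12), (40, 35), (22, 70), (65, 18), (80, 60)]
ALICE_AGAIN = [(11, 13), (41, 34), (21, 71), (66, 19), (79, 61)]
BOB = [(15, 50), (33, 20), (58, 44), (72, 81), (90, 25)]
BOB_AGAIN = [(16, 49), (32, 21), (59, 45), (71, 80), (91, 24)]
STRANGER = [(5, 90), (50, 50), (95, 5), (30, 5), (85, 40)]


def keystream(key, nonce, n):
    """Hash-counter keystream; stdlib stand-in for a real cipher (assumption)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def subkeys(key):
    """Separate encryption and MAC keys derived from the rotating key CL."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc, mac = subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    enc, mac = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))


def derive_key(reference):
    """New key from the reference plus random elements (derivation is assumed)."""
    return hashlib.sha256(secrets.token_bytes(32) + json.dumps(reference).encode()).digest()


def matches(sample, reference, tol=3, min_ratio=0.8):
    """Assumed matcher: enough sample points lie within tol of a reference point."""
    hits = sum(any(abs(sx - rx) <= tol and abs(sy - ry) <= tol for rx, ry in reference)
               for sx, sy in sample)
    return hits >= min_ratio * len(reference)


class KeyServer:
    """Server S: holds only the current key CL for each identification number NI."""
    def __init__(self):
        self.keys = {}

    def put(self, ni, key):
        self.keys[ni] = key          # replaces the previous key under the same NI

    def get(self, ni):
        return self.keys.get(ni)


class Workstation:
    """Computer 1: holds only encrypted references RFC, indexed by NI."""
    def __init__(self, server):
        self.server = server
        self.store = {}

    def rotate(self, ni, minutiae):
        key = derive_key(minutiae)
        self.store[ni] = seal(key, json.dumps(minutiae).encode())
        self.server.put(ni, key)     # key and plaintext are not retained locally

    def enroll(self, minutiae):
        ni = len(self.store) + 1
        self.rotate(ni, minutiae)
        return ni

    def request_access(self, sample):
        """Try each NI(i) in turn; return the matching NI or None (access refused)."""
        for ni, rfc in list(self.store.items()):
            key = self.server.get(ni)
            plain = unseal(key, rfc) if key else None
            if plain is None:
                continue
            reference = [tuple(p) for p in json.loads(plain)]
            if matches(sample, reference):
                self.rotate(ni, sample)   # the accepted sample becomes the new reference
                return ni
        return None


if __name__ == "__main__":
    ws = Workstation(KeyServer())
    ws.enroll(ALICE)
    ws.enroll(BOB)
    print(ws.request_access(ALICE_AGAIN), ws.request_access(STRANGER))
```

Because each accepted sample replaces the stored reference, the matcher's tolerance determines how far the reference can move over successive accesses.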

Advantageously, at the time of the access request, the computer creates a token that circulates around the network so as to allow only one transaction.

Using a token that changes with each operation increases the security of the electronic signature.

This token is a random number that identifies the transaction and changes with each operation.

Drawings

The present invention is described below in more detail with the aid of the accompanying drawings, in which:
- Figure 1 shows a diagram of the installation according to the invention,
- Figure 2 shows a simplified flowchart of the setting up of the means for checking the electronic signature according to the invention,
- Figure 3 is a simplified flowchart of the procedure for checking a request for access to the protected computer.

Description of embodiments

According to Figure 1, the invention relates to a method of checking an electronic signature intended to allow an authorized user to access a computer 1 in order to carry out transactions requiring protection, such as commercial transactions, sending a debit order or sending an amount of money.

To this end, according to the invention, access to the computer 1 is given only after verification of a biometric print of the authorized user. The check is preceded by a first step that consists in recording in the computer the electronic signature of the user or users who will be authorized. This electronic signature is associated with a biometric print of each user, for example a fingerprint. Only after this first registration can the user or users request access, each time providing their biometric print, which is checked at the same time as new control elements (encryption key, encrypted reference) are established.

The following description uses the fingerprint as an example.

Figure 1 shows schematically the means for checking an electronic signature associated with a computer 1. The computer 1 is equipped with a biometric print sensor 2, such as a fingerprint sensor. It processes the captured print using an analysis program PRA, and derives encrypted information from it using an encryption program PRC. This information makes it possible to check a user's authorization to access the PC in order to carry out transactions as indicated above. The system also includes a server S, which the computer reaches via a network R. This server receives the encryption key established by the PRC program from information linked to the first capture of the biometric print. The server returns this information in response to a request from the computer 1 and, once the access authorization has been checked, the now-authorized user can carry out transactions with a supplier Fi via the network R.

The sequence of operations is described below in more detail using the flowcharts of Figures 2 and 3. These operations for checking the user's identity take place in two stages: a preliminary stage that consists in registering an authorized user, and the subsequent stages in which the user requests access to the computer.

The preliminary stage of registering the user or users is shown schematically as a flowchart in Figure 2, and the access-authorization checks are shown schematically by the flowchart of Figure 3, supplemented by part of the flowchart of Figure 2.

According to Figure 2, during the preliminary stage an authorized user is registered by first capturing the user's biometric print EB (100) with the sensor 2. The captured print is then analyzed (101) with an analysis program PRA (102). This analysis consists in determining the particular features of the trace of the biometric print EB. In the case of a fingerprint, examined more particularly here, the analysis consists in determining the minutiae of the trace (print), that is, the particular points of the print, such as the X and Y points, and their relative coordinates.

It should be noted here that a distinction must be made between the biometric print itself, such as the fingerprint, which is relatively abstract, and the trace of this print on the sensor. This trace is the contact surface between the finger and the sensor, and represents only part of the whole fingerprint. It depends on the part of the finger applied to the sensor and on the pressure exerted on the finger, that is, on how much the contact surface between the finger and the sensor is flattened.

This means that the trace of the biometric print (the overall print) is never the same for a given person, because the particular points or minutiae contained in the trace can differ depending on the surface applied. Their relative coordinates can also vary. These variations are relatively small but sufficient to be distinguished by the analysis program and to be used in the conditions described later.

The result of this analysis is a set of data called the "reference RF". The first reference, that is, the one associated with the analysis of the first print capture of the user who will be authorized, is called RF(0). The following references, associated with each new print capture of this same authorized user, will be called RF(1), RF(n), RF(n+1).

At the same time as the program PRA analyzes the print EB of user Ui, the computer establishes (103) an identification number NI(i) assigned to this user Ui.

Then, using a program PRC, the computer forms (104) an encryption key CL(0) (105) from the reference RF(0).

Using the encryption key CL(0) and the reference RF(0), the computer encrypts the reference, that is, forms an encrypted reference RFC(0) (106).

This encrypted reference RFC(0) is stored locally (107), either in the computer or on a medium accessible to the computer, such as a smart card inserted into a reader linked to the computer.

At the same time as the encrypted reference RFC(0) is stored, the key CL(0) is sent (108) to the server S, and the key CL(0) is then erased (109) from the computer.

Likewise, the reference RF(0) is erased (110).

The encryption key CL(0) is sent to the server together with the identification number NI(i). This number is also associated with the locally stored encrypted reference RFC(0).

These operations complete (113) the preliminary step.

The computer is now ready to receive an access request from a user and will be able to check whether this user is authorized to access the computer.

The sequence of these operations is shown in the flowchart of Figure 3, which also uses steps from the flowchart of Figure 2. For this reason, the indices of the designations have been doubled; for example, index 0 for the preliminary operation is index 1 for the following operation, and so on (n) and (n+1).

In a first step (200), the user has his biometric print captured by the sensor 2. This print is analyzed by the computer (201), which forms a sample ECH. This sample corresponds to what the analysis operation (101) of the preliminary step produced as the reference.

The sample ECH contains the particular points of the biometric print and their positions.

The computer also requests (202) the key from the server S by sending it a request with the identification number NI(i).

It is assumed here that only one identification number is available in the computer processing the access request. The server S responds by sending the key CL(0) associated with the identification number NI(i).

This key CL(0) is used by the computer and the encryption program PRC to decrypt (203) the encrypted reference RFC(0) stored in the computer and associated with the identification number NI(i).

The computer then compares (204) the sample ECH with the decrypted reference RF(0). This comparison (204) of the two sets of information is made according to criteria that depend on the nature of the biometric print. The two are considered equivalent if the sample, that is, the particular points of the newly captured print, is sufficiently close to the particular points of the decrypted reference RF(0).

If so (205), access to the computer is authorized (206). At the same time as access is authorized, the computer forms (207) a new encryption key CL(1) from the sample ECH with the program PRC. In this operation, the sample is treated as the reference of the print captured at step 200.

An encryption key CL(1, n+1) is thus obtained. This encryption key CL(1, n+1) is then used, in a manner analogous to what was described for the preliminary step with reference to Figure 2, to encrypt the reference (former sample), that is, the reference RF(1, n+1). The reference encrypted with the encryption key gives the encrypted sample, that is, the new encrypted reference RFC(1, n+1), which is then stored locally. The new key CL(1, n+1) is sent to the server under the identification number NI(i), which remains unchanged. The new encrypted reference RFC(1, n+1) is stored locally under the identification number NI(i).

As before, the encryption key is erased from the computer, as are the sample and the reference; only the encrypted reference RFC(1, n+1) and its identification number NI(i) remain stored locally.

The new encryption key CL(1, n+1) is sent to the server to replace the previous encryption key CL(0) associated with the same identification number NI(i).

For subsequent operations, when the user wishes to access the computer again after the end of the previous session, he has his biometric print captured again (200). It is analyzed (201) to give a sample ECH, and at the same time a request for the encryption key is sent to the server with the identification number NI(i). After receiving the encryption key CL(1) from the server S, the computer decrypts (203) the reference RFC(1) stored locally under the identification number NI(i). This decrypted reference RF(1) is then compared (204) with the sample ECH.

If the result is positive (205), access is authorized (206) and a new encryption key CL(2, n+2) is formed (207). This key is used to encrypt the sample ECH, that is, the new reference, which becomes the encrypted reference RFC(2, n+2). This encrypted reference is stored locally, still under the identification number NI(i), and the other information is again erased from the computer at the same time as the new key CL(1) is sent to the server under the identification number NI(i).

The operations repeat as already described with reference to Figure 2. If the comparison (204) gives a negative result (209), access is denied (210).

At each new access request, the operations described above are repeated. This can be read from the description above by replacing the indices 1, 2 with n, n+1.

Where several users are authorized for the same computer, the situation is very similar. Each user registers his identity during a preliminary step, that is, he has his biometric print captured to obtain an identification number NI(i), a first encryption key and a first encrypted reference; the operations then repeat.

Each user is necessarily associated with an encryption key and an encrypted reference that differ, both because the biometric print is different and because at each new authorized access request the system forms a new encryption key and a new encrypted reference.

According to one feature of the invention, the identification numbers NI(i) are not given to the users but remain stored as they are in the computer without being directly associated with a user, that is, with a user name.

When a user Ui requests access, he has his biometric print captured (200), and the computer then requests the encryption key from the server. To do so, the computer uses, for example, the first identification number NI(1). The server returns the encryption key associated with this identification number. The computer then compares the sample with the decrypted reference associated with this identification number NI(1). If the comparison shows a match (205), access is authorized; a new encryption key and a new encrypted reference are formed under the conditions already described and replace the old information.

If the comparison gives a negative result (209), access is not automatically denied; instead the operation resumes (211) with another identification number NI(i), for example the next number, NI(2). The key request, the comparison with the sample and the subsequent operations are repeated with this new key and the new decrypted reference associated with this identification number NI(2). If the comparison is positive, the operations stop under the conditions already indicated, that is, access is authorized; a new encryption key and a new encrypted reference are formed and stored, one in the server and the other locally. If the result of the comparison (204) is negative (209), the operation is repeated with another identification number NI(i), for example the next number NI(3), in an order that does not matter.

The operations repeat until a positive result is obtained (205); if the result is negative for all the identification numbers NI(i) and the associated encryption keys, access is denied (210).
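The enrollment and access flow of Figures 2 and 3, including the loop over the identification numbers NI(i), as an added example that is not part of the patent. The key derivation (SHA-256 of the reference), the hash-based cipher with HMAC standing in for the unspecified program PRC, the matching tolerance, the constructed minutiae and all class and function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

TOL = 4          # assumed: max distance for two minutiae to pair
MIN_RATIO = 0.8  # assumed: share of minutiae that must pair for a match

def serialize(minutiae):
    return json.dumps(sorted(minutiae)).encode()

def derive_key(reference):
    # Assumed stand-in for program PRC: key CL is formed from reference RF.
    return hashlib.sha256(b"CL|" + serialize(reference)).digest()

def _sub(key, label):
    # Separate sub-keys for encryption and integrity.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter keystream; use an AEAD such as AES-GCM in practice.
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, reference):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, serialize(reference))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct                      # RFC = nonce | tag | ciphertext

def decrypt(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("RFC failed its integrity check")
    plain = _xor_stream(_sub(key, b"enc"), nonce, ct)
    return [tuple(p) for p in json.loads(plain)]

def matches(sample, reference):
    # Step 204: pair each reference minutia with an unused sample minutia.
    free, paired = list(sample), 0
    for rx, ry in reference:
        near = [p for p in free if (p[0] - rx) ** 2 + (p[1] - ry) ** 2 <= TOL ** 2]
        if near:
            free.remove(near[0])
            paired += 1
    return paired >= MIN_RATIO * max(len(sample), len(reference))

class KeyServer:
    """Server S: holds only NI(i) -> current key CL."""
    def __init__(self):
        self.keys = {}
    def store(self, ni, key):
        self.keys[ni] = key                      # replaces the previous key
    def fetch(self, ni):
        return self.keys[ni]

class Workstation:
    """Computer: holds only NI(i) -> current encrypted reference RFC."""
    def __init__(self, server):
        self.server = server
        self.local = {}

    def _seal(self, ni, reference):
        key = derive_key(reference)              # steps 104 / 207
        self.local[ni] = encrypt(key, reference) # steps 106-107
        self.server.store(ni, key)               # step 108
        # key and reference are dropped on return (steps 109-110);
        # Python gives no guarantee that the memory is zeroised.

    def enroll(self, minutiae):
        ni = secrets.token_hex(4)                # step 103, never shown to the user
        self._seal(ni, minutiae)
        return ni

    def access(self, sample):
        for ni, blob in list(self.local.items()):            # loop 211 over NI(i)
            reference = decrypt(self.server.fetch(ni), blob) # steps 202-203
            if matches(sample, reference):                   # steps 204-205
                self._seal(ni, sample)           # sample becomes the new reference
                return ni
        return None                              # step 210: access denied

# Constructed minutiae, not real fingerprint data.
ALICE = [(10, 10), (40, 22), (63, 80), (90, 35), (25, 70)]
BOB = [(15, 90), (55, 55), (80, 12), (33, 41), (70, 66)]
IMPOSTOR = [(1, 1), (2, 50), (50, 2), (99, 99), (60, 30)]

def demo():
    ws = Workstation(KeyServer())
    a, b = ws.enroll(ALICE), ws.enroll(BOB)
    s1 = [(x + 3, y) for x, y in ALICE]   # within TOL of RF(0)
    s2 = [(x + 6, y) for x, y in ALICE]   # beyond TOL of RF(0), within TOL of s1
    return {
        "impostor_denied": ws.access(IMPOSTOR) is None,
        "alice_s1": ws.access(s1) == a,
        "alice_s2_after_s1": ws.access(s2) == a,
        "bob": ws.access(BOB) == b,
    }

if __name__ == "__main__":
    print(demo())
```

Because each accepted sample becomes the next reference, the capture `s2`, which is too far from RF(0) to match it directly, is accepted once `s1` has been accepted; the stored reference follows the most recent successful capture rather than the enrollment capture.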

The operations described above can be protected by a token issued at each access request and made unique each time. This token is formed in the computer and in the server according to an identical algorithm so that the token can be recognized.

Claims (4)

1) Method for checking the electronic signature, in the form of a biometric print, of a computer user in order to verify his access authorization, in particular to carry out transactions with this computer, the computer being equipped with a biometric print sensor and linked to a server, the method being characterized in that

A) at the first protected use of the computer:
- the biometric print EB of the authorized user is captured with the biometric sensor (2) associated with the computer,
- an identification number NI(i) is assigned to the user,
- the biometric print EB is analyzed to determine its particularities (minutiae, points X, Y) and their relative position in a coordinate system to form a reference RF(0),
- an encryption key CL(0) is formed by applying an encryption program PCR to the reference RF(0),
- the reference RF(0) is encrypted with the encryption key CL(0) thus obtained to form the encrypted reference RFC(0),
- the captured print EB and the reference RF(0) are erased,
- the encrypted reference RFC(0) is stored locally with the identification number NI(i),
- the key CL(0) is sent to the server with the identification number NI(i),
- the key CL(0) is erased from the computer,

B) at a subsequent access to the computer:
- the biometric print EB is captured,
- the print EB is analyzed and a sample ECH is formed using the analysis program PRA,
- a key request with the identification number NI(i) is sent to the server, which returns the key CL(0) associated with the identification number NI(i),
- the locally stored encrypted reference RFC(0) is decrypted with the key CL(0),
- the sample ECH is compared with the decrypted reference RF(0):
* if the comparison is positive, access authorization is granted and a new encryption key CL(1, n+1) is formed and transmitted to the server under the same identification number NI(i) to replace the old key CL(0, n), and with this new key CL(1, n+1) the sample ECH is encrypted, becoming an encrypted reference RFC(1, n+1) that replaces the previous reference RF(0, n),
* if the comparison is negative, access authorization is refused.

2) Checking method according to claim 1, characterized in that the encrypted reference RFC(0, n) is stored locally in the computer or on a medium directly readable by the computer (smart card, ...).

3) Checking method according to claim 1, characterized in that, in the case of several users (Ui) authorized to access the computer, each is identified by an identification number NI(i) associated respectively with the successive encryption keys CL(n, i) and encrypted references RFC(n, i) of each user Ui.

4) Checking method according to claim 3, characterized in that the identification numbers NI(i) are stored in the computer and, at an access by one of the authorized users, after capture of his biometric print EB, the computer successively uses the different identification numbers NI(i) to request each time the associated encryption key from the server; to perform the checks with this encryption key (decryption, comparison of the decrypted reference and the sample, formation of a new encryption key and a new encrypted reference and their storage, erasure of the old references, old keys of the reference used for the new encryption) or to definitively refuse access if the different comparisons have all been negative.

5) Checking method according to claim 1, characterized in that, at the time of the identification request, the computer creates a token that travels around the network so as to allow only one transaction.

6) Checking method according to claim 5, characterized in that the token is a random number identifying the transaction and modified at each operation.
FR0207125A 2002-06-11 2002-06-11 ELECTRONIC SIGNATURE CONTROL METHOD FOR AUTHORIZING ACCESS TO A COMPUTER FOR THE EXECUTION OF A TRANSACTION Expired - Fee Related FR2840747B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
FR0207125A FR2840747B1 (en) 2002-06-11 2002-06-11 ELECTRONIC SIGNATURE CONTROL METHOD FOR AUTHORIZING ACCESS TO A COMPUTER FOR THE EXECUTION OF A TRANSACTION

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
FR0207125A FR2840747B1 (en) 2002-06-11 2002-06-11 ELECTRONIC SIGNATURE CONTROL METHOD FOR AUTHORIZING ACCESS TO A COMPUTER FOR THE EXECUTION OF A TRANSACTION

Publications (2)

Publication Number Publication Date
FR2840747A1 true FR2840747A1 (en) 2003-12-12
FR2840747B1 FR2840747B1 (en) 2004-10-15

Family

ID=29559108

Family Applications (1)

Application Number Title Priority Date Filing Date
FR0207125A Expired - Fee Related FR2840747B1 (en) 2002-06-11 2002-06-11 ELECTRONIC SIGNATURE CONTROL METHOD FOR AUTHORIZING ACCESS TO A COMPUTER FOR THE EXECUTION OF A TRANSACTION

Country Status (1)

Country Link
FR (1) FR2840747B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1693774A3 (en) * 2005-02-21 2006-09-06 Hitachi-Omron Terminal Solutions, Corp. Biometric authentication apparatus, terminal device and automatic transaction machine

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998050875A2 (en) * 1997-05-09 1998-11-12 Gte Government Systems Corporation Biometric certificates
US6035398A (en) * 1997-11-14 2000-03-07 Digitalpersona, Inc. Cryptographic key generation using biometric data

Also Published As

Publication number Publication date
FR2840747B1 (en) 2004-10-15

Legal Events

Date Code Title Description
ST Notification of lapse

Effective date: 20070228